issue-fix-flow
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute various powerful command-line tools, including
git,gh(GitHub CLI),rg(ripgrep),swift, andxcodebuild. This includes write-access operations such asgit pushandgh pr create, which are necessary for the intended workflow but grant significant authority over the repository. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources (GitHub issues) to guide its actions. An attacker could embed malicious instructions in an issue description or comment to manipulate the agent's behavior.
- Ingestion points: Data retrieved from
gh issue view <id> --commentsas described inSKILL.md. - Boundary markers: Absent. The instructions do not include delimiters or specific directives to ignore instructions contained within the fetched issue data.
- Capability inventory: The skill allows for local file modification, git commits/pushes, and the execution of build/test scripts (e.g.,
swift build). - Sanitization: Absent. The agent is instructed to capture and follow reproduction steps and maintainer notes directly from the issue without validation.
Audit Metadata